VARIoT IoT vulnerabilities database

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of rx9 pro An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda RX9 Pro is a high-performance wireless router that provides stable and fast network connection services. Remote attackers can exploit this vulnerability to launch attacks and potentially execute arbitrary code

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Tianyu CPE Router is a wireless router from China's Tianyu company

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. AC15 firmware, AC7 firmware, ac10u firmware etc. The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM of Multiplatforms for IBM CICS Transaction Gateway There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-49294. Reason: This candidate is a reservation duplicate of CVE-2023-49294. Notes: All CVE users should reference CVE-2023-49294 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Sangoma of Asterisk and certified asterisk Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

MSR954 is usually used in medium and large enterprise environments and supports a variety of network services and functions, including advanced routing, VPN, network security, etc. Hewlett Packard Enterprise MSR954 has a weak password vulnerability, which can be exploited by attackers to log in to the backend and obtain sensitive information.

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. (DoS) It may be in a state. Dell Secure Connect Gateway (Dell SCG) is a secure connection gateway of Dell (Dell) in the United States. The vulnerability is caused by the use of damaged or risky encryption algorithms

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. The vulnerability is caused by an incorrect certificate verification vulnerability

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. (DoS) It may be in a state

AM401-CPU1608TP is an economical medium-sized PLC developed by Suzhou Inovance Technology Co., Ltd., which supports Ethernet communication. AM401-CPU1608TP of Shenzhen Inovance Technology Co., Ltd. has a denial of service vulnerability. Attackers can exploit this vulnerability to cause a denial of service at the PLC application layer, and the PLC needs to be manually restarted to return to normal.

ARRIS VAP3402E is a wireless access device product. ARRIS VAP3402E has a weak password vulnerability, which can be exploited by attackers to log in to the backend and obtain sensitive information.

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router

D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router